A daily subscription to the full report can be obtained as follows:
Send an email to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body: subscribe.
To obtain a complete copy of the current report, proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

• Sentry Foods issued a recall August 25 for approximately 21,570 pounds of its frozen chicken entrée products sold in 3 variations due to potential contamination with glass or hard plastic fragments. – U.S. Department of Agriculture

11. August 26, U.S. Department of Agriculture – (Indiana, Pennsylvania, Texas) Sentry Foods recalls frozen chicken entrées due to possible foreign matter contamination. Sentry Foods issued a recall August 25 for approximately 21,570 pounds of its frozen chicken entrée products sold in 3 variations due to potential contamination with glass or hard plastic after the firm received consumer complaints stating extraneous materials were found in the products. There have been no confirmed reports of adverse reactions, and the products were shipped to retail locations in Indiana, Texas, and Pennsylvania. Source:

• Apple released an emergency security update for its iOS devices after discovering three zero-day vulnerabilities plaguing iPhones, iPads, and iPod touches that could allow an attacker to compromise a targeted device. – SecurityWeek
See item 17 below in the Information Technology Sector

• A Russian cyber-criminal was convicted August 25 after he stole more than 1.7 million credit card numbers from the point-of-sale systems of various businesses, causing 3,700 financial institutions more than $169 million in losses. – U.S. Department of Justice

21. August 25, U.S. Department of Justice – (International) Russian cyber-criminal convicted of 38 counts related to hacking businesses and stealing more than two million credit card numbers. A Russian cyber-criminal was convicted August 25 after he stole more than 1.7 million credit card numbers from various businesses, using a server he operated in Russia to hack retail point-of-sale (PoS) systems and install malware on the servers in order to make fraudulent purchases, causing 3,700 financial institutions more than $169 million in losses. Source: https://www.justice.gov/opa/pr/russian-cyber-criminal-convicted-38-counts-related-hacking-businesses-and-stealing-more-two

Financial Services Sector

See item 21 above in Top Stories

Information Technology Sector

16. August 26, Softpedia – (International) New Locky ransomware version delivered as DLL file. Cyren security researchers discovered that Zepto, a variant of the Locky ransomware, received updates and is now installed on infected devices as dynamic-link library (DLL) files instead of executable (EXE) files. Researchers also found that the DLL file uses a custom packer in order to prevent detection by anti-malware scanners. Source: http://news.softpedia.com/news/new-locky-ransomware-version-delivered-as-dll-file-507646.shtml

17. August 26, SecurityWeek – (International) Apple issues emergency fix for iOS zero-days: What you need to know. Apple released an emergency security update for its iOS devices after discovering that its iPhone 4s and later, iPad 2 and later, and iPod touch fifth generation and later versions were plagued with three zero-day vulnerabilities, dubbed Trident: an information leak in the kernel, a memory corruption bug that could allow an attacker to jailbreak the device and install surveillance software without user knowledge, and a memory corruption bug in the Safari WebKit, which could allow an attacker to execute arbitrary code and compromise the device when a user clicks a link on a specially crafted website. Researchers found the vulnerabilities were exploited by Pegasus, a high-end surveillance software, and were leveraged in attacks against human rights activists and journalists via a text message phishing campaign. Source: http://www.securityweek.com/apple-issues-emergency-fix-ios-zero-days-what-you-need-know

18. August 25, Softpedia – (International) PowerShell script steals credentials from IIS config files. SecureWorks researchers discovered attackers were exploiting already compromised devices to upload and execute a malicious PowerShell script that searches the infected machine for Microsoft Internet Information Server (IIS) configuration files, which store credentials for other connection services as connectionStrings, in order to steal the access credentials and copy the content to the local /TEMP folder. Source: http://news.softpedia.com/news/powershell-script-steals-credentials-from-iis-config-file-507638.shtml

19. August 25, Softpedia – (International) Security firm releases decrypter for Alma Locker ransomware. PhishLabs malware analysts released a decrypter for the Alma Locker ransomware family that allows victims to recover their files without paying the ransom after finding the malware’s decrypter was susceptible to a man-in-the-middle attack, which allowed the researchers to spoof communications from the attackers’ command and control (C&C) server in order to gain insight into how the ransomware’s decrypter operates. Source: http://news.softpedia.com/news/security-firm-releases-free-decrypter-for-alma-locker-ransomware-507613.shtml

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"